Re: [exim] outgoing TLS - verifying certificates

Author: Wolfgang Breyha
Date:  
To: Jeremy Harris
CC: exim-users
Subject: Re: [exim] outgoing TLS - verifying certificates
Jeremy Harris wrote, on 23.07.2013 01:15:
> [we should probably move from exim-users to exim-dev]


Sure. Only wanted to set a pointer to my patch in case someone (fearless
enough;-) ) wants to try it upfront.

> Will existing configs which merely set tls_verify_certificates
> be disabled or still operate? That is, is the change back-compatible?


There currently is no "tls_verify_certificates" for smtp transport. Only
"tls_certificates" which triggers the same behavior as setting
"tls_verify_hosts = *" in the global section.

As said in the bug report. It will still work, yes. But not in the same way as
before. I tried to bring global config and transport config on par.

Setting tls_certificates only will not activate verification anymore (as in
the main section). This means that exim will keep the SSL session alive even
if verification would fail. To get the same result as before "tls_verify_hosts
= *" must be added to the smtp_transport as well.

> Can I interest you in adding to the twisty little passages of the test suite?


Sorry, I still had no opportunity to dig into the world of the test suite. Due
to my upcoming (offline) holidays I think I'm not able to contribute in a
timely manner.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria